Configure NOD32 and Postfix as Antivirus Gateway

Requirements:
1. Postfix (2.0.18) http://www.postfix.org/download.html
2. Cyrus-sasl (2.1.17) http://asg.web.cmu.edu/sasl/
3. NOD32 for Linux Mail Server (2.09-1) http://www.nod32.si/download/download.htm
Introduction
In this article we use Postfix as an antivirus gateway. Other MTAs (Qmail, Sendmail, Courier, etc.) either do not support content filtering of incoming and outgoing email or make it hard to configure, so the traditional approach is to set up two mail servers to get scanning. Postfix has a built-in content filter: once set up, it scans all email regardless of how the MDAs are configured, and multiple filters can be chained easily, with or without the help of amavisd. This makes Postfix the best MTA to use as a gateway. At the same time, Postfix takes over some of the original MTA's jobs, such as SASL authentication and rate control.
Postfix listens on port 25 as the gateway. It does not handle any local delivery or outgoing transfer.
Compilation and Installation
Recommended reference site for compiling Postfix + SASL:
http://www.projektfarm.com/en/support/howto/postfix_smtp_auth_tls.html

You can also use the postfix and cyrus-sasl packages delivered with your distribution (RPM or otherwise) and install them from there. The packages that come with your distribution may be older, but they are still fine.

Configuration
Basic configuration concepts in Postfix
The main configuration files of Postfix are in /etc/postfix. You can change main.cf to configure 300+ Postfix parameters. Either edit the file directly, e.g. add the line content_filter=smtp:[127.0.0.1]:2526, or use the postconf command: postconf -e 'content_filter=smtp:[127.0.0.1]:2526'.

There are also alias, access, transport and virtual files in /etc/postfix; these files are for different kinds of mapping.

After changing these files, you must rebuild the db file with postmap, e.g.
postmap hash:/etc/postfix/transport

Remember to change the alias_maps and alias_database parameters in /etc/postfix/main.cf so that they point to the correct aliases file. By default, the aliases file is located in /etc/. The Postfix-style command to build the alias database is

postalias hash:/etc/postfix/aliases

(your aliases file path)

Change the original mail server

In this gateway, Postfix will NOT handle any kind of local delivery. The original mail server is changed to listen on port 26. Here are a few examples of how to change the listen port.

Sendmail:

Edit /etc/mail/sendmail.mc, find the line containing Port=smtp,Name=MTA,Addr=…… , and change Port=smtp to Port=26

Qmail:

Edit /var/qmail/supervise/qmail-smtpd (or equivalent file):

exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

and change smtp to 26 (the port argument of tcpserver).

Courier:

Locate your Courier configuration file esmtpd (look in /etc/courier or /usr/local/etc/courier) and change the port line to

PORT=26

Email enters Postfix through port 25; after scanning it is forwarded to the original mail server on port 26. To prevent open relaying, SASL authentication must be set up. The alternative is to set restrictions on senders.
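
The relay-control settings that go with the SASL requirement above, as an added example (this is not the article's own configuration): relay_settings prints a constructed main.cf fragment that trusts only loopback and otherwise requires authentication, and check_relay_restrictions audits an existing main.cf for the two mistakes that turn the gateway into an open relay (a missing reject_unauth_destination, or a mynetworks that trusts the whole Internet). The parameter names are real Postfix parameters; the function names and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article or of Postfix itself.

# Print the relay-control settings used on the gateway (constructed sample):
# loopback is trusted (that is where the scanner re-injects mail), everyone
# else must authenticate, and mail for foreign domains is rejected otherwise.
relay_settings() {
    cat <<'EOF'
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
EOF
}

# Return 0 if the given main.cf refuses unauthorized relaying, 1 otherwise.
# Postfix values may continue over several lines; continuation lines start
# with whitespace, so the awk script collects them until the next parameter.
check_relay_restrictions() {
    cf="$1"
    restrictions=$(awk '
        /^[ \t]*#/ { next }
        /^smtpd_recipient_restrictions[ \t]*=/ { f = 1; sub(/^[^=]*=/, ""); print; next }
        f && /^[ \t]/ { print; next }
        { f = 0 }
    ' "$cf" | tr -d ' \t\n')
    nets=$(awk '
        /^[ \t]*#/ { next }
        /^mynetworks[ \t]*=/ { sub(/^[^=]*=/, ""); print }
    ' "$cf")
    # Trusting 0.0.0.0/0 makes permit_mynetworks accept relaying from anyone.
    case "$nets" in
        *0.0.0.0/0*) return 1 ;;
    esac
    case "$restrictions" in
        *reject_unauth_destination*) return 0 ;;
    esac
    return 1
}

# Usage: append the settings, then audit the result.
#   relay_settings >> /etc/postfix/main.cf
#   check_relay_restrictions /etc/postfix/main.cf && echo "relay control OK"
```

The check is deliberately textual rather than a live SMTP probe: it can run before the gateway is started and it catches the case where a restriction list exists but lost its reject rule during editing.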

Configure NOD32

The configuration files of NOD32 are located in /etc/nod32. Enter your username and password in /etc/nod32/nod32.auth for updates. For security reasons, it is recommended to chmod 400 this file.

Notification can be enabled by adding the line

exec_script = yes

to /etc/nod32/nod32.cfg, and edit nod32d_script to use your favourite format.

Add the following line to main.cf:

content_filter=smtp:[127.0.0.1]:2526

And the following to master.cf:

localhost:2525 inet n - n - 10 smtpd
-o local_recipient_maps=
-o content_filter=
-o myhostname=nod32.dummydomain.com
-o disable_dns_lookups=yes

After installing NOD32, it is recommended to put a link to /usr/sbin/nod32_update in /etc/cron.hourly, so that NOD32 checks for updates every hour.

Configure a gateway

First we have to give Postfix a hostname. Why? Because Postfix delivers email to the original mail server after scanning, the two mail servers cannot have the same hostname.

Edit main.cf:

myhostname=nod32gateway.domain.com

and customize the SMTP banner as you like (for fun):

smtpd_banner = $myhostname Virus Gateway

Next is the relayhost parameter; Postfix uses this as the default next hop:

relayhost=127.0.0.1:26

Then we have to disable local delivery and make email for the local domain deliver to the original mail server. Here we use the transport map. Set up the transport_maps parameter in main.cf:

transport_maps = hash:/etc/postfix/transport
default_transport = smtp

Add the following lines to /etc/postfix/transport and rebuild the transport map afterwards (postmap hash:/etc/postfix/transport):

domain.com     smtp:[127.0.0.1]:26
.domain.com    smtp:[127.0.0.1]:26

(the second line covers your subdomains, if you have any)

Everything is OK now. Restart the original mail server and start the gateway:

postfix start
service nod32smtp start
service nod32d start

Other issues

Installing Postfix over the original mail server will overwrite the original sendmail program; if you want to keep the old one, back up the sendmail program in /usr/bin (or wherever it lives). If you have a webmail, you may have to correct the sendmail path in your webmail configuration file.

It is advisable to block incoming access to ports 26, 2525 and 2526 from outside; otherwise your mail server may become an open relay host.
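
A way to verify that advice, as an added example (not from the article): exposed_listeners scans a netstat -ltn style listing for the gateway's internal ports (26, 2525 and 2526, taken from the article) that are bound to something other than loopback, and firewall_rules prints iptables rules that drop traffic to those ports from any interface except lo. The listing below is constructed (its port 26 is deliberately wide open); the function names and the rule format are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article or of Postfix/NOD32.

# Ports that only the gateway itself should ever reach (from the article).
INTERNAL_PORTS="26 2525 2526"

# Constructed sample of `netstat -ltn` output: the original MTA on port 26
# listens on all interfaces, so anyone can hand it mail and bypass the gateway.
SAMPLE_LISTING='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:26              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2525          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2526          0.0.0.0:*               LISTEN'

# Print "<addr>:<port>" for every internal port not bound to 127.0.0.1 or ::1.
# Returns 1 if at least one such listener exists, 0 if all are loopback-only.
exposed_listeners() {
    listing="$1"
    found=0
    for port in $INTERNAL_PORTS; do
        exposed=$(printf '%s\n' "$listing" | awk -v p="$port" '
            $1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ (":" p "$") {
                # Strip ":<port>" from the end; works for IPv6 forms like ":::26" too.
                addr = substr($4, 1, length($4) - length(p) - 1)
                if (addr != "127.0.0.1" && addr != "::1") print addr ":" p
            }')
        if [ -n "$exposed" ]; then
            echo "$exposed"
            found=1
        fi
    done
    return $found
}

# Print iptables commands that drop the internal ports on every interface but lo.
firewall_rules() {
    for port in $INTERNAL_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $port ! -i lo -j DROP"
    done
}

# Usage on the gateway host:
#   exposed_listeners "$(netstat -ltn)" || echo "internal ports reachable from outside"
#   firewall_rules | sh
```

Binding the internal services to 127.0.0.1 is the first line of defence; the firewall rules cover the case where a service (the original MTA on 26 in the sample above) cannot be told to bind to loopback only.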
